Privacy of consumer information is a topic that has received
a huge amount of attention in recent years, fueled by the growing public sense
that Internet and technology companies are not acting as good guardians of
customer information. With the recent
passage of the California Consumer Privacy Act (the CCPA) California thrust
itself into the forefront of the debate over what laws are needed to provide
adequate privacy and security for personal information. The CCPA, which will become effective on
January 1, 2020, goes far towards creating privacy safeguards in line with the
expansive protections found in the European Union’s General Data Protection
Regulation (the GDPR). But the act
remains a work in progress, and there are some serious questions about how
vigorously it can be enforced.
One of the most contentious issues discussed during the
enactment of the CCPA was whether a “private cause of action” should be included
in the act. A private cause of action
refers to the issue of whether a private citizen may bring a civil action to
claim damages for violations of the act.
If not, then actions to remedy violations can only be brought by the
state, acting through the Attorney General’s office. Proponents of the inclusion of a private
cause of action argued that compliance with the provisions of the CCPA would be
much more likely if companies were faced with the possibility of civil actions
brought by trial lawyers for violations of the law. Opponents of a private cause of action
believed that it would lead to a flood of lawsuits, imposing a huge and
expensive burden on businesses in California.
Posts
